Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit

By JOHN MARKOFF

Published: July 4, 1994

Combining technical wizardry with the ages-old guile of a grifter, Kevin Mitnick is a computer programmer run amok. And law-enforcement officials cannot seem to catch up with him.

Thirty years old, Mr. Mitnick has already served time in jail for one computer crime and pleaded guilty to another. One of his lawyers told a court that he had an addiction to computers, and during his time in a treatment program he was prohibited from touching a computer or modem.

Now one of the nation's most wanted computer criminals, Mr. Mitnick is suspected of stealing software and data from more than a half dozen leading cellular telephone manufacturers, coaxing gullible employees into giving him passwords and computer codes that could be used to break into their computers.

He is currently being hunted for violating a Federal probation requirement that he not enter computers illegally or associate with other people convicted of similar crimes.

As a teen-ager he used a computer and a modem to break into a North American Air Defense Command computer, foreshadowing the 1983 movie "War Games." He gained control of three telephone-company central offices in Manhattan and all the phone switching centers in California, giving him the ability to listen in on calls and pull pranks like reprogramming the home phone of someone he did not like so that each time the phone was picked up, a recording asked for a deposit of 25 cents.

For months he secretly read the electronic mail of computer security officials at MCI Communications and Digital Equipment, learning how their computers and phone equipment were protected. Officials at Digital later accused him of causing $4 million in damage to computer operations at the company and stealing $1 million of software.

Mr. Mitnick is now a suspect in the theft of software that companies plan to use for everything from handling billing information to determining the location of a caller to scrambling wireless phone calls to keep them private. Such a breach could compromise the security of future cellular telephone networks even as their marketers assert that they will offer new levels of protection.

While he is thought to be living somewhere in Southern California, Mr. Mitnick has eluded an F.B.I. manhunt for more than a year and a half, Justice Department officials say. Last year, while a fugitive, he managed to gain control of a phone system in California that allowed him to wiretap the F.B.I. agents who were searching for him.

"He has created a lot of frustration inside the bureau," said James Settle, a former computer crime fighter for the Federal Bureau of Investigation. "He should have been locked up long ago."

It is not clear if Mr. Mitnick has computing skills that are unusual in the world of programming, but he is clearly adept at what is known in the computer underground as "social engineering."

By masquerading as a company executive in a telephone call, he frequently talks an unsuspecting company employee into giving him passwords and other information that makes it possible for him to gain entry to computers illegally. Using a personal computer and a modem, he then connects to a company's computer and, with his knowledge of how operating systems work, commands it to copy software illegally, display confidential electronic messages or alter a telephone switch so he can silently monitor a call. There is no evidence that Mr. Mitnick has used his computer skills illegally to make money, although the cellular phone companies say the person who stole their software could sell it to competing manufacturers in Asia or to criminals who want to offer free phone calls. F.B.I. and Justice Department officials said they were still uncertain of his motives and did not have absolute proof that he was behind the attacks on cellular phone companies. Three friends and one former associate reached in an attempt to speak with Mr. Mitnick said they had not seen or heard from him since he fled. Loner Who Likes to Spy

Mr. Mitnick grew up a shy loner who found delight and a sense of power through his computer. "He is an overweight computer nerd, but when he is behind a keyboard he feels omnipotent," said Harriet Rossetto, a counselor at the Beit T'Shuvah treatment center in Los Angeles, where Mr. Mitnick was treated in 1989, under the order of a Federal judge, for his "addictive" attraction to computer hacking.

Always fascinated by spying, he fancied himself a master at fooling and eluding the authorities, much like a role model, the character played by Robert Redford in "Three Days of the Condor." In the 1975 movie, Mr. Redford portrays a C.I.A. employee who uses his knowledge of the telephone network to avoid capture by sinister forces in the Government.

Mr. Mitnick developed his passion for computing at Monroe High School in the Los Angeles suburb of Sepulveda, where he was raised by his mother, Shelly Jaffee, a waitress who had divorced Mr. Mitnick's father when their son was 3.

Mr. Mitnick got in trouble at his high school for tapping into the Los Angeles School District's computers. He began spending time with a loosely knit group of "phone phreaks," young people whose hobby was illegally mastering the inner workings of the telephone switching system.

His first brush with the law came in 1981, when, as a 17-year-old, he was arrested for stealing computer manuals from Pacific Bell's switching center in Los Angeles. He was prosecuted as a juvenile and sentenced to probation.

A year later, he was caught breaking into computers at the University of Southern California and was jailed for six months. Tricked His Pursuers

The exploits of Mr. Mitnick, who worked at various computer programming jobs to support himself, became legendary. For example, after he gained control of the telephone switching network in Los Angeles, he reprogrammed the system to mislead Federal agents trying to trace his call. Thinking they had found his hideout, they barged into the home of a Middle Eastern immigrant watching television.

After being denied a job in computer security by the Security Pacific Bank, he created a fake news release stating inaccurately that the bank would show a loss of $400 million for the quarter, and tried to distribute it on a business news service. (The news service detected the ruse in time to stop it.)

In 1987, he was arrested on charges of electronically breaking into a computer at the Santa Cruz Operation, a software publisher. He pleaded guilty to a misdemeanor, paid a small fine and was placed on three years' probation.

A year later he was arrested again, this time by F.B.I. agents, on charges of stealing prototype operating-system software from the Digital Equipment Corporation. He was later convicted. The F.B.I. had closed in on him only after he tried to harass a friend and partner in crime by pretending to be an I.R.S. agent and making threatening calls to his friend's employer. His friend then told the authorities what Mr. Mitnick had done.

A man with a passion for gathering dossiers and playing tricks on both friends and enemies, Mr. Mitnick so intimidated the authorities when he was arrested in 1988 that Judge Mariana R. Pfaelzer of the Federal District Court in Los Angeles initially ruled that he could not have access to a telephone for fear of the damage he might cause.

Other law-enforcement officials had been similarly cautious. In one investigation in the mid-1980's, a Los Angeles police detective said he had been forced to go into hiding while he conducted surveillance on Mr. Mitnick. "I've always considered him dangerous," said the detective, Jim Black, now a security specialist for MCI. "I had to go underground. If he targets you, he can make your life miserable."

After Mr. Mitnick's 1988 arrest, his lawyer convinced the judge that Mr. Mitnick's problem was similar to a drug or gambling addiction. He served a year in prison at the low-security Federal prison in Lompoc, Calif. He then spent six months in a small residential treatment program that emphasizes the 12-step Alcoholics Anonymous model.

During the treatment program, Mr. Mitnick was prohibited from touching a computer or a modem. He began exercising regularly and lost more than 100 pounds. Later, he briefly obtained a job as a programmer for a health care provider. Vanished in 1992

Mr. Mitnick vanished in November 1992 after the F.B.I. searched his home with a warrant stating that he was again breaking into telephone-company computers while working for a Southern California detective agency. His friends say he may be supporting himself through a computer programming job he gained by using a false identity.

The California Department of Motor Vehicles has also issued a warrant for his arrest. The warrant, issued in September, states that Mr. Mitnick wiretapped F.B.I. agents' calls to the state agency. He then used law-enforcement access codes he had obtained by eavesdropping on the agents to make illegal requests for drivers' licenses, state investigators say.

The information from such drivers' licenses could help him gain a false identity and help him find out where his enemies live. It is just such tactics that will make Mr. Mitnick very hard to find.